1. Field of the Invention
The invention relates to digital rights management in electronic devices. Particularly, the invention relates to the use of an intelligent clock controller preventing the misuse of time limit protected digital content.
2. Description of the Related Art
Since the introduction of digital storage technologies more effective copyright enforcement has become an issue. Especially, the emergence of the Internet as an illicit distribution channel for copyright protected content has created a strong demand for new technologies in copyright protection. One such technology is the Digital Rights Management (DRM). The DRM is a common term for standards and proprietary systems where a given content item is augmented with information that specifies user rights associated with it. The content item may, for example, be an audio recording, video, picture, computer program or simply a document. The user rights may comprise various rules pertaining to the use of the content item. For example, a user may be given a time limit during which the content item can be presented, in other words, rendered to the user. Allowed number of listening times, allowed device identities and partial viewing rights are other examples of rules pertaining to the use of a content item. The DRM requires that the presentation device and the presentation software in it are not hostile, that is, they participate in the enforcement of digital rights. In the presentation device there is usually a DRM agent, or in other words, a DRM engine, which enforces the DRM rights and protects the content items from illicit copying. In order to avoid making a DRM protected content item available for copying, the content item may be encrypted while it is in transit from the network to the presentation device and while it is stored in the presentation device outside of the DRM engine, for example, on a hard disk.
One standard for the DRM is the one based on Open Mobile Alliance (OMA) DRM specification. The aim of the OMA DRM is to enable controlled consumption of digital media objects by allowing content providers to express content rights. The media objects are content items such as audio clips, video clips, pictures, Java applications and documents. Content items governed by rights are referred to as assets. In the OMA DRM content rights are expressed as document objects, that is, documents written using a Rights Expression Language (REL). In order to specify the rights pertaining to an asset it is associated with a REL object. The association between a REL object and an asset may be specified explicitly by mentioning the asset's identifier in the REL object or implicitly by providing the REL object in a same message together with the asset.
Reference is now made to FIG. 1, which illustrates the downloading of media and REL objects to a mobile terminal that is equipped with a DRM agent in prior art. In FIG. 1 there is a Mobile Terminal (MT) 100, which is used as the content presentation device. MT 100 may be a terminal of a cellular mobile network such as the Universal Mobile Telecommunications System (UMTS), or it may be a WLAN terminal or a fixed network terminal. MT 100 has a radio connection to a base station 120, if it is a wireless terminal. Base station 120 is in an access network 110, which provides access to the Internet, a private IP network or any other network, which is used for DRM content delivery. MT 100 is connected via intervening networks such as access network 110 to a content source 130, which provides DRM protected content to MT 100. In the OMA DRM there are three possible methods for delivering content to a terminal and a DRM agent therein. Content is delivered to a terminal in DRM messages. In a DRM message there is a media object and an optional rights object, that is, a REL object. The first method, which is represented in FIG. 1 by arrow 140, is called forward-lock. In this method no REL object is associated with media object 150. Media object 150 is sent in a DRM message, which has no REL object. Default rights known to MT 100 are applied for media object 150. For example, they may prevent further distribution of media object 150 to any other terminal. The second method, which is represented in FIG. 1 by arrow 142, is referred to as combined delivery. In the combined delivery, a media object 153 is sent together with REL object 154 in a DRM message. In the third method, which is represented in FIG. 1 by arrows 144 and 146, media object 156 and REL object 158 are provided separately. They may be sent via different transports.
Reference is now made to FIG. 2, which illustrates the architecture of a prior art mobile terminal that is equipped with a DRM agent. A Mobile Terminal (MT) 100 is in communication with a base station 120, which is in association with an access network 110. To access network 110 is connected a network node 292, which provides network time for mobile terminals in access network 110. MT 100 comprises a DRM engine 202, in other words, a DRM agent, a media application 204, a secure clock 206 or a user interface clock 208. In MT 100 may be stored at least one media object 210, which is provided via DRM engine 202 to media application 204. DRM engine 202 may decrypt media object 210, if it has been encrypted for protection. The optional encryption has been performed in a content source such as content source 130 using encryption that can only be decrypted using a key available to DRM engine 202. MT 100 stores also at least one REL object 214. REL object 214 is used by DRM engine 202 to check the user rights pertaining to a given media object such as media object 210. DRM engine 202 checks the user rights before making media object 210 available via media application 204 for rendering to the user. In the case of time based rights DRM engine 202 checks current time from either secure clock 206, provided that it is available in MT 100, or from user interface clock 208. Typically, REL object 214 may specify a timeslot during which the presentation of media object 210 for the user is allowed. In other words, it may specify a start time and end time between which media object 210 may be presented to the user. If current time falls in this timeslot allowed by REL object 214, DRM engine 202 provides media object for media application 204 to be rendered. Secure clock is safe from the DRM point of view, because the time in it is provided from network using messages represented by arrow 290 in FIG. 2. The time is provided using, for example, UMTS Network Information and Time Zone service (NITZ) or any other network time protocol, which is regarded as safe from malicious time altering either in transit from node 292 or even in node 292. User interface clock 208 is not safe from the DRM point of view, since time and date information in it may be modified by user at will. There is also a backup storage 212 in association with MT 100 to which any information comprising REL objects 214 and media objects 210 can be stored for backup purposes. The backup and restoring process is illustrated using arrows 228 and 230.
There are problems in a mobile terminal architecture such as illustrated in FIGS. 1 and 2. Firstly, it is possible that there is no secure clock available in mobile terminal. In this case it is possible that time and date information is manipulated by user to deceive the DRM engine so that a media object may be presented to the user despite the fact that the REL object associated with it has an end time that is factually past. If there is no control, the user may manipulate time and date information repeatedly, which vitiates the time limit based DRM protection completely. Secondly, it is possible that in some cases network time information may also not be reliable, if the network node providing time information is not maintained properly. In small network environments it also possible that network time is manipulated similarly to circumvent time based DRM protection.